CORS failure in one of my buckets while all policies and settings are identical.

0

I'm struggling with identifying a CORS problem. I have three buckets, one of which contains PNGs that I want to allow users to download via my app. I've tried pretty much everything, but I continue to have the following issue: "No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

When I use one of my other buckets that have the exact same bucket policy (allowing for CORS), it works without error. What am I doing wrong? Where should I look?

Thanks.

2 Answers
1
Accepted Answer

I would suggest looking at your other "good buckets" and see what permissions they have. Do they have a policy added that allows a service to access objects in the bucket? Use an IDE to color code the policies and open up a split browser to see them side by side. For testing purposes, you might use the AWS policy generator to help set up a very permissive policy that allows all services to access objects in your bucket. Once you get access, then tighten up the policy and allow-list the specific resource access to your buckets and objects. Also, are all of these buckets in the same account? You might look at your IAM policies to make sure they are the same, if you are using another account.

AWS
EXPERT
answered 3 months ago
EXPERT
reviewed 23 days ago
  • Yeah, I did that and all is 100% identical. After a long search, the only solution I found was to change the metadata of each PNG to cache-control: no-cache. Super strange that the other buckets don't have this need.

  • Regarding the IAM policies and different accounts, can you elaborate? I have all three buckets visible in my accounts and open publicly.

  • Hi LW's, I was just brainstorming on things that you could look to for clues. A standard of practice among some is to have a Dev, Test, and Production account - each for a different purpose. I was just suggesting that if you have multiple accounts, to look at your other accounts and compare permissions.

    On another topic, have you thought about adding a CloudFront distribution to your S3 buckets to securely serve your content to users? You could keep your buckets closed to the public, but allow CloudFront to access objects in your bucket. Read up on it and see what you think?

    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

1

Hi,

It looks like the CORS settings in the bucket with PNGs are not allowing requests from other origins. Even though the bucket policies are the same, there could be variations in the CORS settings. Take a look at the CORS settings of the problematic bucket and make sure the 'Access-Control-Allow-Origin' header is set correctly. You can find more information in the official documentation https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html

answered 3 months ago
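
The check suggested in the answer above can be done offline by evaluating each bucket's CORS configuration against the request the app sends. This is an added example, not part of either answer: it follows S3's documented behaviour of using the first CORSRule that matches the request. The bucket names, origins and configurations are constructed; real input would be the JSON returned by `aws s3api get-bucket-cors` for each bucket.

```python
"""Offline check of S3 CORS rules against a browser request (added example)."""

def _wild(pattern, value):
    # An AllowedOrigins / AllowedHeaders entry may contain at most one '*'.
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*", 1)
    return (len(value) >= len(prefix) + len(suffix)
            and value.startswith(prefix) and value.endswith(suffix))

def matching_rule(cors_config, origin, method, request_headers=()):
    """Return the first CORSRule that matches, or None (no CORS headers sent)."""
    for rule in cors_config.get("CORSRules", []):
        if not any(_wild(p, origin) for p in rule.get("AllowedOrigins", [])):
            continue
        if method not in rule.get("AllowedMethods", []):
            continue
        # AllowedHeaders only matters for preflight (Access-Control-Request-Headers).
        allowed = [h.lower() for h in rule.get("AllowedHeaders", [])]
        if all(any(_wild(p, h.lower()) for p in allowed) for h in request_headers):
            return rule
    return None

def diff_buckets(configs, origin, method):
    """Map bucket name -> whether this request would receive CORS headers."""
    return {name: matching_rule(cfg, origin, method) is not None
            for name, cfg in configs.items()}

# Constructed sample configurations in the shape of get-bucket-cors output.
CONFIGS = {
    "good-bucket": {"CORSRules": [{
        "AllowedOrigins": ["https://app.example.com"],
        "AllowedMethods": ["GET", "HEAD"],
        "AllowedHeaders": ["*"]}]},
    "png-bucket": {"CORSRules": [{
        "AllowedOrigins": ["https://www.example.com"],  # differs from the app's origin
        "AllowedMethods": ["GET"],
        "AllowedHeaders": ["*"]}]},
    "no-cors-bucket": {},  # bucket with no CORS configuration at all
}

if __name__ == "__main__":
    result = diff_buckets(CONFIGS, "https://app.example.com", "GET")
    for bucket, ok in result.items():
        print(f"{bucket}: {'CORS headers returned' if ok else 'no Access-Control-Allow-Origin'}")
```

A bucket policy that grants read access does not affect this result: the CORS configuration is a separate bucket setting, so two buckets with identical policies can still differ here.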
